Scanning Azure VMs, Azure Arc-enabled servers and ACR images for vulnerabilities with Microsoft Defender and Qualys

⚠️ Please note that Azure vulnerability scanning with the integrated Qualys scanner has been deprecated (as of 1st of May 2024). With tens of security vulnerabilities being disclosed daily, you need to continuously apply a variety of security controls to keep your systems strongly protected, even when you’re running in the cloud⛅ One of the security controls that I would like to talk about in this blog post is vulnerability scanning. Vulnerability scanning is an essential practice for maintaining a secure infrastructure, mitigating risks, and protecting sensitive data from potential threats. It allows organizations to stay proactive, comply with regulations, and safeguard their systems against known vulnerabilities and emerging security risks. ...

June 6, 2023 · 10 min · Kristina Devochko

Takeaways from attending KubeCon+CloudNativeCon Europe 2023, wearing many hats

Last month, 18th-21st of April, KubeCon+CloudNativeCon Europe was happening in Amsterdam in the Netherlands, and it was HUGE! With a fully sold out event, more than 10000 in-person participants, 5000+ online participants and 20 parallel tracks, it has been the largest conference I’ve attended in-person so far. I attended the event wearing many hats: a speaker, KCD organizer, CNCF ambassador and an attendee. Having these roles gave me an even broader perspective of the event which I want to share with the community😺 ...

May 6, 2023 · 16 min · Kristina Devochko

Creating custom Azure Policy for Kubernetes to disallow non-compliant image registries

There are cases where you may need to explicitly ensure that specific container image registries are blacklisted from being used in your Kubernetes clusters. Let me provide you with a very recent and relevant example. From 3rd April 2023, the k8s.gcr.io legacy image registry is officially frozen, which means that no new images, whether for future Kubernetes versions or for patch releases of earlier Kubernetes versions, will be pushed to this registry. At some point in the near future this legacy image registry will be completely deactivated. ...
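As an added illustration of the kind of policy the post is about (this is not the post's own code, nor Microsoft's built-in policy), below is a Gatekeeper ConstraintTemplate plus a constraint that denies pods whose containers or initContainers pull from a denied registry. Azure Policy for Kubernetes is built on Gatekeeper v3, and a custom policy definition points at a ConstraintTemplate like this one; the template name `k8sdeniedregistries`, the constraint name, the parameter name `registries` and the `k8s.gcr.io` value are all assumptions chosen for the example. Note the trailing `/` appended to each denied registry before matching: matching on the bare prefix `k8s.gcr.io` would also catch a registry host such as `k8s.gcr.io.example.com`, while `k8s.gcr.io/` matches only the registry itself.

```yaml
# Added example (not from the original post): deny-list of image registries.
# Assumption: Gatekeeper v3 (templates.gatekeeper.sh/v1); under Azure Policy
# for Kubernetes the constraint is generated from the policy assignment
# instead of being applied by hand as shown in the second document.
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: k8sdeniedregistries
spec:
  crd:
    spec:
      names:
        kind: K8sDeniedRegistries
      validation:
        openAPIV3Schema:
          type: object
          properties:
            registries:
              type: array
              items:
                type: string
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sdeniedregistries

        # Gather regular containers and initContainers from the reviewed pod.
        containers[c] { c := input.review.object.spec.containers[_] }
        containers[c] { c := input.review.object.spec.initContainers[_] }

        violation[{"msg": msg}] {
          c := containers[_]
          denied := input.parameters.registries[_]
          # Append "/" so only the exact registry host is matched, not
          # a different host that merely starts with the same string.
          startswith(c.image, concat("", [denied, "/"]))
          msg := sprintf("container <%v> uses image <%v> from denied registry <%v>",
                         [c.name, c.image, denied])
        }
---
# Constraint instance: assumed parameter value for the frozen legacy registry.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sDeniedRegistries
metadata:
  name: deny-legacy-k8s-registry
spec:
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
  parameters:
    registries:
      - "k8s.gcr.io"
```

Before enforcing a deny policy, run it in audit mode first and review the violations it reports; workloads that still reference the legacy registry will otherwise fail to schedule at the next restart.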

April 4, 2023 · 4 min · Kristina Devochko

Keeping AKS clusters continuously secure with Azure Policy

🐇This blog post is also a contribution to Azure Spring Clean 2023 where during 5 weekdays of March, 13th-17th, community contributors share learning resources that highlight best practices, lessons learned, and help with some of the more difficult topics of Azure Management. You’re welcome to check out all the contributions here: Azure Spring Clean 2023 As you may know already, Kubernetes doesn’t come with 100% built-in security by default. The same applies to managed Kubernetes service offerings like Azure Kubernetes Service (AKS). Some cloud providers offer a more hardened default configuration for a managed Kubernetes service, some offer a less hardened and more beginner-friendly default configuration, but the fact remains: cloud services are a shared responsibility. It means that you’re responsible for properly hardening and securing the Kubernetes clusters that you provision in the cloud, including in Azure. ...

March 16, 2023 · 14 min · Kristina Devochko

How to trigger subsequent GitHub workflow in a different repository

I was recently working on automating some manual actions related to my tech blog and discovered an interesting use case that I thought was worth sharing with the community 😊 Did you know that it is possible to trigger a GitHub workflow that resides in a different repository? Let me show you how!😼 There are multiple approaches to how you can implement this, but I have found the following approach to be the most preferable. Let’s say that you have repository A and repository B, and you want to trigger a GitHub workflow in repository B once a workflow in repository A succeeds. ...
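One way to wire this up, added here as an example and not the approach the post itself goes on to describe, is a `repository_dispatch` event: a workflow in repository A runs after the `build` workflow completes and, only on success, calls the GitHub API to dispatch a custom event to repository B, whose workflow subscribes to that event type. The owner/repository names, the workflow name `build`, the event type `repo-a-succeeded` and the secret name `REPO_B_DISPATCH_TOKEN` are assumptions. The default `GITHUB_TOKEN` cannot trigger workflows in another repository, so the secret must hold a token that can create dispatch events on repository B (a fine-grained token needs write access to that repository's Contents); scope it to repository B only, since a broader token leaking from repository A would expose every repository it can reach.

```yaml
# Added example (not from the original post).
# File in repository A: .github/workflows/notify-repo-b.yml
name: notify-repo-b
on:
  workflow_run:
    workflows: ["build"]        # assumed name of the workflow to wait for
    types: [completed]

jobs:
  dispatch:
    # Only fan out when the upstream run actually succeeded.
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest
    steps:
      - name: Send repository_dispatch to repository B
        env:
          # Assumed secret: token allowed to create dispatch events on repo B.
          GH_TOKEN: ${{ secrets.REPO_B_DISPATCH_TOKEN }}
        run: |
          gh api repos/example-owner/repo-b/dispatches \
            -f event_type=repo-a-succeeded \
            -F 'client_payload[sha]=${{ github.event.workflow_run.head_sha }}'
---
# File in repository B: .github/workflows/on-repo-a-success.yml
name: on-repo-a-success
on:
  repository_dispatch:
    types: [repo-a-succeeded]   # must match event_type sent from repo A

jobs:
  react:
    runs-on: ubuntu-latest
    steps:
      - name: Show what triggered this run
        run: |
          echo "Triggered by repository A commit ${{ github.event.client_payload.sha }}"
```

Because `repository_dispatch` runs on repository B's default branch, anything B does with `client_payload` should treat it as untrusted input from another repository: use it to select a commit or pass an identifier, not to build shell commands.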

February 12, 2023 · 5 min · Kristina Devochko